Morse Micro Redefines Wireless Efficiency with Industry-Leading Power Amplifier. Download the whitepaper now.

MM-SA-2026-003 Security Advisory

Out-of-bounds read in morse.ko Vendor IE processing

CVE

CVE-2026-7764

Severity

Medium (CVSS v3.1 6.5)

Fixed in

HaLowLink 2 software version 2.11.12

Status

Resolved

Summary

An out-of-bounds read in the morse.ko HaLow Wi-Fi kernel driver allows an unauthenticated attacker within radio range to disclose a small amount of kernel heap memory or cause a denial of service via a crafted 802.11ah beacon or probe response containing a malformed Vendor Information Element.

Affected products

Product

Affected versions

Fixed version

HaLowLink 2

All versions prior to 2.11.12

2.11.12

Customers using morse.ko in their own Linux integrations should treat their integration as affected if the driver source corresponds to a Morse Micro driver release predating 2.11.12. Contact security@morsemicro.com for patched source.

Action

Upgrade HaLowLink 2 software to 2.11.12 or later.

Acknowledgements

Reported to Morse Micro through Bugcrowd. Morse Micro thanks the researcher for responsible disclosure.

References

Loading...

Subscribe to Our Newsletter

Sign up to learn more about Morse Micro and Wi-Fi HaLow.

This field is for validation purposes and should be left unchanged.
Name(Required)

Subscribe to Our Newsletter

Stay up to date with the latest in Wi-Fi HaLow news and events

This field is for validation purposes and should be left unchanged.
Name(Required)